guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Omar Sandoval <omga...@gmail.com>
Subject Re: LDAP and administrator functions
Date Tue, 15 Nov 2016 20:53:34 GMT
For my installation I just logged in as guacadmin and granted my LDAP user
the appropriate permissions. It wasn't necessary for the account to exist
in both the database and LDAP.

On Tue, Nov 15, 2016 at 12:25 PM Mike Jumper <mike.jumper@guac-dev.org>
wrote:

You'll need to create a Guacamole user within the database with the same
username as a user in LDAP, or create a user within LDAP having the same
username as a Guacamole user. As long as an account exists in both places,
and the user within the Guacamole database has administrative permissions,
then you should see the admin functions. If the corresponding LDAP user has
permission to query other users in the directory, then you should also see
LDAP users listed in the overall list of users in the admin screen, even if
they do not yet exist in the database.

>From the brief section on this in the manual [1]:

"If an administrator account (such as the default guacadmin user provided
with the database authentication) has a corresponding user in the LDAP
directory with permission to list and read other LDAP users, the Guacamole
administrative interface will include LDAP users in the overall user list
presented to the administrator, and allow connections from the database to
be associated with those users directly."

- Mike

[1]
http://guacamole.incubator.apache.org/doc/gug/ldap-auth.html#ldap-and-database


On Tue, Nov 15, 2016 at 8:15 AM, James Allsopp <jamesaallsopp@googlemail.com
> wrote:

Hello,
I've set Guacamole up to use the mysql database backend and ldap, but
although everything works I can't see the administration functions now. Is
there any way of doing this, as we'd like the administrative functions, but
need to use an LDAP server to co-ordinate with other projects?

Thanks,
James

Mime
View raw message